title: Enable and update Microsoft Defender Antivirus on Windows Server description: Learn how to enable and update Microsoft Defender Antivirus on Windows Server ms.service: defender-endpoint ms.author: chrisda author: chrisda ms.reviewer: yongrhee ms.localizationpriority: high ms.date: 05/01/2025 manager: bagol audience: ITPro ms.collection:
- m365-security
- tier2
- mde-ngp
ms.custom: intro-overview
ms.topic: how-to
ms.subservice: ngp
search.appverid: met150
appliesto:
- Microsoft Defender for Endpoint Plan 1
- Microsoft Defender for Endpoint Plan 2
- Microsoft Defender Antivirus
This article describes how to enable and update Microsoft Defender Antivirus on Windows Server. You'd use the procedures in this article if Microsoft Defender Antivirus was previously disabled or uninstalled.
-
Install the latest servicing stack updates.
-
Install the latest cumulative update.
-
Reinstall Microsoft Defender Antivirus or re-enable it. See the following sections (in this article):
-
Reboot the system.
-
Install the latest version of the platform update.
[!NOTE] Re-enabling Microsoft Defender Antivirus doesn't automatically install the platform update. You can download and install the latest platform version using Windows update. Alternatively, you can download the update package from the Microsoft Update Catalog or from the Antimalware and cyber security portal.
If you're preparing to install the modern, unified solution on Windows Server 2016, you can leverage the Installer help script to automate the platform update and the subsequent installation and onboarding. This script can also assist in re-enabling Microsoft Defender Antivirus.
First, ensure that Microsoft Defender Antivirus is not disabled either through Group Policy or registry. For more information, see Troubleshoot Microsoft Defender Antivirus while migrating from a third-party solution.
If Microsoft Defender Antivirus features and installation files were previously removed from Windows Server 2016, follow the guidance in Configure a Windows Repair Source to restore the feature installation files.
On Windows Server 2016, in some cases, you may need to use the Malware Protection Command-Line Utility to re-enable Microsoft Defender Antivirus.
As a local administrator on the server, perform the following steps:
-
Open Command Prompt.
-
Run the following command:
%ProgramFiles%\Windows Defender\MpCmdRun.exe -wdenable -
Restart the device.
In case the Defender feature was uninstalled/removed, you can add it back.
As a local administrator on the server, perform the following steps:
-
Open Windows PowerShell.
-
Run the following commands:
# For Windows Server 2016 Dism /Online /Enable-Feature /FeatureName:Windows-Defender-Features Dism /Online /Enable-Feature /FeatureName:Windows-Defender Dism /Online /Enable-Feature /FeatureName:Windows-Defender-Gui # For Windows Server 1803 and later, including Windows Server 2019 and 2022 Dism /Online /Enable-Feature /FeatureName:Windows-Defender
When the DISM command is being used within a task sequence running PowerShell, the following path to cmd.exe is required.
C:\Windows\System32\cmd.exe /c Dism /Online /Enable-Feature /FeatureName:Windows-Defender-Features C:\Windows\System32\cmd.exe /c Dism /Online /Enable-Feature /FeatureName:Windows-Defender
[!NOTE] You can also use Server Manager or PowerShell cmdlets to install the Microsoft Defender Antivirus feature.
-
Reboot the system.